Sandworm, a Russian intelligence unit, may have branched out from causing blackouts in Ukraine and hacking French presidential campaigns, setting its sights on a new target: critical U.S. infrastructure, The Washington Post reports. In January, the town of Muleshoe, Texas, lost tens of thousands of gallons of water after its water supply controls were hacked. A video then surfaced online by a group which identified itself as the Cyber Army of Russia Reborn (CARR), explaining how they’d carried out the hit. The cybersecurity firm Mandiant found that several CARR accounts were made on the same servers as those used by Sandworm, according to a report published Wednesday. Mandiant also found that CARR had posted information stolen by Sandworm hackers on Telegram. U.S. intelligence officials have yet to definitively confirm that CARR is linked to Sandworm, or GRU, Russia’s military spy agency. “If it isn’t GRU, whoever is doing this is working out of the same clubhouse,” said Mandiant’s chief analyst John Hultquist. “It’s too close for comfort.”